Chef 360 Platform requirements
Review the following requirements for Chef 360 Platform Server, nodes, and skills.
Chef 360 Platform Server requirements
Hardware
Chef 360 Platform supports single-node and multi-node deployments. Select a topology based on your availability and scalability requirements.
For production environments, run a benchmark test to determine your system’s requirements. The benchmark test should include the number of nodes you plan to enroll, job frequency, output size, job duration, and check-in frequency.
Note
Starting with Chef 360 Platform 1.6.0, Declarative State Management (DSM) is included by default. The hardware requirements listed here include DSM.
If you’re upgrading from a version before 1.6.0, verify that your nodes meet the current requirements.
Note
If the root directory has space restrictions, mount the following directories before installing:
- `/var/lib/k0s/`
- `/run/k0s/`
- `/var/lib/embedded-cluster`
- `/etc/k0s/`
Single-node requirements
A single-node Chef 360 Platform deployment (hyperconverged non-HA) has the following minimum requirements. Adjust these values based on your specific usage patterns and workload. For sizing recommendations tailored to your environment, contact your Customer Architect or Customer Success Manager.
| vCPU | Memory | Storage |
|---|---|---|
| 16 | 32 GB | 200 GB |
Multi-node requirements
All nodes must meet or exceed the requirements for their assigned role. Minimum node counts and node sizing requirements must both be satisfied. Using fewer nodes with larger specifications doesn’t replace the required node count. Node roles must be deployed exactly as defined for each topology.
These requirements support reliable operation and high availability of the platform.
Multi-node systems have the following minimum requirements:
| Topology | Roles | Nodes | vCPU | Memory (GB) | Disk (GB) |
|---|---|---|---|---|---|
| Hyperconverged-HA | Controller + Frontend + Backend | 3 | 16 | 32 | 200 |
| Tiered-HA | Controller + Backend | 3 | 16 | 32 | 200 |
| Tiered-HA | Frontend | 3 or more | 8 | 16 | 50 |
| Hyperscale-HA | Controller | 3 | 4 | 16 | 50 |
| Hyperscale-HA | Frontend | 3 or more | 8 | 16 | 50 |
| Hyperscale-HA | Backend | 3 | 16 | 32 | 200 |
Node sizing requirements can vary based on workload characteristics, scale expectations, performance objectives, availability requirements, and integration patterns. The requirements documented here represent a baseline configuration. Work with a Chef 360 Platform Architect to validate and refine node sizing and ensure your deployment meets the specific needs of your environment.
For more information about cluster topologies and adding nodes, see Cluster management.
File system requirements
Chef 360 Platform has the following file system requirements:
- A mounted XFS filesystem with the `ftype=1` option. This is the default in recent RHEL versions.
- The `/var` directory isn’t mounted with the `noexec` option.
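A preflight check for the two file system requirements above, written as an added example (not part of the Chef 360 Platform documentation or tooling). It assumes the XFS requirement applies to the filesystem backing `/var/lib/k0s`, and it reads text in the format of `/proc/mounts` and `xfs_info`; the sample inputs are constructed.

```python
import re

# Constructed sample in /proc/mounts format: device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/sda2 / xfs rw,relatime,attr2,inode64 0 0
/dev/sdb1 /var xfs rw,noexec,relatime 0 0
/dev/sdc1 /var/lib/k0s xfs rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
"""

# Constructed excerpt of `xfs_info /var/lib/k0s` output
SAMPLE_XFS_INFO = """\
meta-data=/dev/sdc1  isize=512  agcount=4, agsize=13107200 blks
naming   =version 2  bsize=4096  ascii-ci=0, ftype=1
"""

def parse_mounts(text):
    """Return (mountpoint, fstype, set-of-options) for each mount line."""
    rows = (line.split() for line in text.splitlines())
    return [(f[1], f[2], set(f[3].split(","))) for f in rows if len(f) >= 4]

def mount_for(path, mounts):
    """Return the mount backing `path`: the longest mountpoint that contains it."""
    path = path.rstrip("/") or "/"
    best = None
    for mnt in mounts:
        mp = mnt[0].rstrip("/") or "/"
        inside = mp == "/" or path == mp or path.startswith(mp + "/")
        # >= lets a later mount on the same mountpoint win, as the kernel does
        if inside and (best is None or len(mp) >= len(best[0])):
            best = mnt
    return best

def check_filesystem(mounts_text, xfs_info_text, data_path="/var/lib/k0s"):
    """Return a list of violations of the two file system requirements."""
    mounts = parse_mounts(mounts_text)
    problems = []
    var_mount = mount_for("/var", mounts)
    if var_mount and "noexec" in var_mount[2]:
        problems.append(f"/var (mounted at {var_mount[0]}) has noexec")
    data_mount = mount_for(data_path, mounts)  # data_path is an assumption
    if data_mount is None or data_mount[1] != "xfs":
        problems.append(f"{data_path} is not on XFS")
    elif not re.search(r"\bftype=1\b", xfs_info_text):
        problems.append(f"{data_path} is on XFS without ftype=1")
    return problems

if __name__ == "__main__":
    for p in check_filesystem(SAMPLE_MOUNTS, SAMPLE_XFS_INFO):
        print("FAIL:", p)
```

On a real host, pass the contents of `/proc/mounts` and the output of `xfs_info` for the data path instead of the samples.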
Ports
Chef 360 Platform requires the following ports for all deployments. Open the following ports if you are using default ports.
Ports for inbound connections:
| Port | Description |
|---|---|
| 22 | SSH |
| 5985-5986 | WinRM |
| 30000 | Chef 360 Platform Console |
| 31000 | API Gateway |
| 31050 | RabbitMQ |
| 31101 | Mailpit (optional) |
Ports for outbound connections:
| Port | Description |
|---|---|
| 443 | For non-air gapped installations |
Ports for multi-node deployment
Multi-node deployments require additional ports for node-to-node communication. Create firewall rules to allow bidirectional traffic between nodes on these ports.
| Port | Description |
|---|---|
| 2380 | etcd server client API (TCP) |
| 4789 | Flannel VXLAN overlay network (UDP) |
| 6443 | Kubernetes API server (TCP) |
| 9091 | Prometheus metrics (TCP) |
| 9443 | Webhook server (TCP) |
| 10249 | kube-proxy (TCP) |
| 10250 | Kubelet API (TCP) |
| 10256 | kube-proxy health check and metrics (TCP) |
| 30000 | Admin Console (TCP), required for nodes joining the cluster |
FQDN
Chef 360 Platform Server requires a fully qualified domain name (FQDN) that’s RFC 1123 compliant and registered with the Domain Name System (DNS).
Node requirements
Nodes can be enrolled using two different methods: with a Chef Infra cookbook or with single-node enrollment from Chef 360 Platform. See the node requirements for those methods in the following sections.
Ports
Open the following default ports for outbound connections.
| Port | Description |
|---|---|
| 443 | HTTPS |
| 31050 | RabbitMQ AMQP/AMQP-TLS |
| 31000 | Nginx Reverse Proxy NodePort |
| 22 | SSH (optional) |
| 80 | HTTP (optional) |
Cookbook-based enrollment
Nodes enrolled with Chef 360 Platform using a Chef Infra cookbook have the following requirements:
- Nodes must have Chef Infra Client installed.
- Nodes have a public DNS or public IP address.
- Nodes can’t have localhost (`127.0.0.1`) as an IP address.
- Nodes can’t have a CIDR address in the same range as the Chef 360 Platform services. The default CIDR range for Chef 360 Platform services is `10.244.0.0/16` or `10.96.0.0/12`.
- You must have sudo privileges on the node.
Single-node enrollment
Nodes enrolled using single-node enrollment have the following requirements.
Connection requirements
- Nodes must be accessible through SSH or WinRM:
  - Linux nodes must be enrolled using SSH.
  - Windows nodes must be enrolled using WinRM.
- Nodes must have a public DNS name or public IP address.
- A node’s IP address can’t be `127.0.0.1` (localhost).
- A node’s CIDR address must not overlap with the Chef 360 Platform services’ CIDR range.
  The default CIDR ranges for Chef 360 Platform services are `10.244.0.0/16` and `10.96.0.0/12`.
- The node’s ports for RabbitMQ and the nginx API gateway must be open to Chef 360 Platform. Chef 360 Platform must also allow inbound connections to these ports from the node.
- For nodes running Windows Server 2016, download and manually install `curl`. After installation, ensure the `curl` executable is added to the system’s `PATH` environment variable.
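The loopback and CIDR-overlap requirements appear in both the cookbook-based and single-node enrollment lists. The following added example (not part of the Chef 360 Platform documentation or tooling) checks node addresses against the default service ranges stated on this page; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Default service ranges as stated on this page
SERVICE_CIDRS = [ipaddress.ip_network("10.244.0.0/16"),
                 ipaddress.ip_network("10.96.0.0/12")]

def check_node_address(addr, service_cidrs=SERVICE_CIDRS):
    """Check one interface address ('10.100.3.7/24') or bare IP ('192.0.2.10').

    Returns a list of violations; an empty list means the address is acceptable.
    """
    iface = ipaddress.ip_interface(addr)  # a bare IP is treated as /32 or /128
    problems = []
    if iface.ip.is_loopback:
        problems.append(f"{iface.ip} is a loopback address")
    for net in service_cidrs:
        # Compare the node's whole subnet, not only its IP
        if iface.version == net.version and iface.network.overlaps(net):
            problems.append(f"{iface.network} overlaps service range {net}")
    return problems

def audit(addresses):
    """Map each failing address to its violations; passing addresses are omitted."""
    report = {}
    for addr in addresses:
        problems = check_node_address(addr)
        if problems:
            report[addr] = problems
    return report

# Constructed sample node addresses
SAMPLE_NODES = ["192.0.2.10/24", "10.100.3.7/24", "10.112.0.4/16",
                "10.0.0.5/8", "127.0.0.1"]

if __name__ == "__main__":
    for addr, problems in audit(SAMPLE_NODES).items():
        print(addr, "->", "; ".join(problems))
```

The `/12` range spans `10.96.0.0` through `10.111.255.255`, so `10.100.3.7/24` fails while `10.112.0.4/16` passes; `10.0.0.5/8` fails because its subnet contains both service ranges even though the IP itself lies outside them.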
SSH connection requirements
- Port 22 must be open.
- The user must have `sudo` privileges.
- The user must authenticate using an ed25519 or RSA (2048-bit) key without a passphrase.
- If you’re enrolling a node with a username and password, disable sudo password prompts for the SSH user account on that node.
WinRM connection requirements
Ports 5985 (HTTP) and 5986 (HTTPS) must be open.
Configure WinRM by running the following commands:
```powershell
winrm quickconfig
# Select 'Yes' when prompted

# Enable Basic authentication on the WinRM service
winrm set winrm/config/service/Auth '@{Basic="true"}'
# Allow unencrypted WinRM traffic
winrm set winrm/config/service '@{AllowUnencrypted="true"}'

# Allow inbound WinRM over HTTP (5985) and HTTPS (5986) in Windows Firewall
netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow
netsh advfirewall firewall add rule name="WinRM-HTTPS" dir=in localport=5986 protocol=TCP action=allow
```
Skill requirements
Chef 360 Platform skills are supported on the following platforms.
| OS | Architecture | Version |
|---|---|---|
| Linux | x86_64 | Kernel 5.4 or later |
| Windows | x86_64 | Windows Server 2016 Base and later |
Skills have the following dependencies:
- The Chef Infra Client interpreter requires that Chef Infra Client is installed on the node.
- The InSpec interpreter requires that Chef InSpec is installed on the node.